Analysis
-
max time kernel
145s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
26/01/2024, 04:36
Behavioral task
behavioral1
Sample
7666631340601c748c0b9cb8affa02db.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7666631340601c748c0b9cb8affa02db.exe
Resource
win10v2004-20231215-en
General
-
Target
7666631340601c748c0b9cb8affa02db.exe
-
Size
5.8MB
-
MD5
7666631340601c748c0b9cb8affa02db
-
SHA1
b463ac7a8b4eea1e5a48b0170a6a15e70c390e25
-
SHA256
fa0a9ee26d02a444c2eb0f05449f74ccf1ae4b96988576e640014db33018df97
-
SHA512
1df46294d7f989aa9735a9cd16b3559797a3ce7c6e2a9f1f7e7952a6a8ef730860aab082bb2680986670c2f22a514511dc129397b8f9d978e00acc25bbe5499d
-
SSDEEP
98304:85mdM5JhLlvFhiY1gg3gnl/IVUs1jePsfk9AIE9GWiWDDPbkUwcgg3gnl/IVUs1h:Ip5dvntDgl/iBiP+k9AeWUUwYgl/iBiP
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2224 7666631340601c748c0b9cb8affa02db.exe -
Executes dropped EXE 1 IoCs
pid Process 2224 7666631340601c748c0b9cb8affa02db.exe -
resource yara_rule
behavioral2/memory/2000-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x0007000000023222-11.dat upx
behavioral2/memory/2224-13-0x0000000000400000-0x00000000008EF000-memory.dmp upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2000 7666631340601c748c0b9cb8affa02db.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
2000 7666631340601c748c0b9cb8affa02db.exe
2224 7666631340601c748c0b9cb8affa02db.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 2000 wrote to memory of 2224 2000 7666631340601c748c0b9cb8affa02db.exe 88
PID 2000 wrote to memory of 2224 2000 7666631340601c748c0b9cb8affa02db.exe 88
PID 2000 wrote to memory of 2224 2000 7666631340601c748c0b9cb8affa02db.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe "C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2224
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
276KB
MD5 a8469f6ac3f489b56e4a396b13eb6515
SHA1 02964a61368f6471ae3a32e72f5e1547e232d566
SHA256 b34821c6ea7db083ad8de1d1fe0686634720d8f133b9478c67ee0d99e543de80
SHA512 72257540c93a806a0552025bebaf7f1b5bb288c1d3a0436562c00e054061582fcf75192f9dd6c8be0b919e1b42dfed39dbe69e2d113b098ef3ba6c17a738ae69